If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Can't shake this virus!

I get some reports that it is trojan agent.ba from trendmicro online scan, and just downloader trojan from NAV.

I have disabled system restore, rebooted to safe mode w/networking so I can download all updates.

I've updated all definitions for NAV, The Cleaner, Adaware, Spybot, CWShreader and Trend Micro. All the applications come up clean in safe mode. When I reboot to regular mode it finds the virus right away and can't remove it. It keeps changing the filename and I can't track this sucker down.

I'd run a hijack this, but I'm in the middle of another scan...

Any suggestions?

It is on a client's PC and I'm supposed to give it back tomorrow... hopefully I can shake it tonight. I don't want to do a full reload... after all the time I've spent on it so far...

Oh, I can't get symantec to get fully updated either. Symantec redirector fails and I can't update the rest of NIS 2k3 without that update...

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Phish,
Try Swatit, http://swatit.org/. It is one of the best trojan removers I know of. It does take a long time, but it goes really in depth through your system.

And its free.

\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
Author Unknown

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Also, take the box off the web and leave it on a network, try port scanning it and netcat-ing to any suspicious ports to help fingerprint the virus. Sniff the trafic for any mass-mail attempts, and try some file monitoring as well. http://www.sysinternals.com/ntw2k/source/filemon.shtml

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

I uninstalled, rebooted, deleted any folders it left behind and reinstalled.

I think the virus was preventing it from updating? Not sure why it wasn't updating...

It was Norton Internet Security that couldn't update because the Redirector was failing.

Norton Antivirus was updating just fine.

Dunno what the problem was... but its fixed by reinstall of NIS2k3

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

And they will allow you to upload the file to be scanned by several different scanning engines. Then it is usually just a matter of surfing to the appropriate site and finding the tool that targets that specific infection.